log

Use this command to enable a standard or detailed logging IPv6 access list rule entry.

Syntax

log {entry | implicit_permit_nd-na | implicit_permit_nd-ns | implicit_deny | all}

Parameters

entry Specifies a sequence numbered entry to log when a hit occurs. Valid values: 1 - 5000. Default value: all
implicit_permit_nd
-na Specifies the logging of a neighbor advertisement hit.
implicit_permit_nd
-ns Specifies the logging of a neighbor solicitation hit.
implicit_deny Specifies the logging of an implicit deny rule hit.
all Specifies that all hits are to be logged, including the final implicit deny.

Defaults

None.

Mode

Standard or extended IPv6 access list configuration.

Usage

You can also turn on logging for each access list permit or deny rule when you configure the access list entry, using either the log or log-verbose parameters. When turning on logging within an access list rule configuration, all hits for that rule will be logged. The log command allows for turning on logging after a rule has been configured. The logging behavior is based upon the entry or keyword specified. If logging is already turned on for a permit or deny rule, The log command access list entry for that rule is redundant.

Access list logging is throttled to 1 log message per second. If there are multiple access list rules with logging enabled (log or log-verbose), and more then one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is sampling and does not report every time that a rule with logging enabled is hit.

Example

This example enters configuration mode for standard IPv6 access list acl2 and enables standard logging for a final implicit deny hit:

System(rw-config)->ipv6 access-list standard acl2
System(rw-cfg-ipv6-std-acl)->log implicit_deny
System(rw-cfg-ipv6-std-acl)->